Progent's Ransomware Forensics Investigation and Reporting in St. Louis
Progent's ransomware forensics experts can capture the evidence of a ransomware attack and perform a detailed forensics analysis without slowing down the processes required for business resumption and data recovery. Your St. Louis organization can use Progent's post-attack ransomware forensics documentation to counter subsequent ransomware assaults, assist in the recovery of lost data, and comply with insurance and regulatory requirements.
Ransomware forensics analysis involves determining and describing the ransomware assault's progress across the network from beginning to end. This audit trail of how a ransomware attack progressed through the network helps your IT staff to assess the impact and brings to light shortcomings in rules or work habits that need to be rectified to prevent future break-ins. Forensics is commonly assigned a top priority by the insurance carrier and is typically mandated by government and industry regulations. Since forensic analysis can take time, it is essential that other key activities such as operational resumption are executed concurrently. Progent has a large roster of information technology and data security professionals with the skills required to carry out activities for containment, operational continuity, and data recovery without interfering with forensics.
Ransomware forensics analysis is complicated and requires close cooperation with the teams assigned to file cleanup and, if needed, payment negotiations with the ransomware Threat Actor (TA). Ransomware forensics typically involves examining all logs, the registry, GPOs, Active Directory, DNS servers, routers, firewalls, scheduled tasks, and core Windows system files to check for anomalies.
Services associated with forensics include:
- Isolate all potentially affected devices from the network without powering them down, since shutting a machine off discards volatile evidence such as memory contents. This may involve closing Remote Desktop Protocol (RDP) ports and Internet-facing NAS storage, rotating admin credentials and user passwords, and enforcing two-factor authentication on access to your backups
- Create forensically sound digital images of all suspect devices so your data recovery team can proceed
- Preserve firewall, virtual private network, and other key logs as soon as feasible
- Identify the ransomware family used in the attack
- Examine every machine and storage device on the network as well as cloud-hosted storage for indications of compromise
- Inventory all compromised devices
- Review log activity and user sessions to determine the time frame of the attack and to spot any lateral movement from the first infected system
- Understand the attack vectors exploited to perpetrate the ransomware attack
- Search for executables created around the time of the first encrypted files or the initial network compromise
- Parse Outlook PST files
- Examine email attachments
- Extract URLs from messages and check whether they point to malware or phishing infrastructure
- Provide detailed incident reporting to meet your insurance carrier and compliance regulations
- List recommended improvements to shore up security vulnerabilities and enforce processes that reduce the risk of a future ransomware breach
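The log review, timeline and lateral-movement steps above can be illustrated with a small triage script. The following is an added example written for this page, not Progent's own tooling: it runs over hand-constructed file-metadata and Windows Security log records (hostnames, IPs, timestamps and the `.locked` extension are all assumptions for illustration), finds the encryption window and the first host to encrypt, lists executables created on that host shortly before encryption began, and chains RDP logons (event 4624, logon type 10) outward from that host to reconstruct lateral movement.

```python
"""Ransomware triage timeline over constructed evidence (added example).

Input records stand in for exports an analyst would take from file-system
metadata and the Windows Security event log. Every host, IP, path and the
".locked" extension below is a constructed assumption, not a real indicator.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta

ENCRYPTED_EXT = ".locked"        # assumed extension appended by the ransomware
LOOKBACK = timedelta(minutes=30)  # how far before first encryption to hunt for staged binaries


@dataclass(frozen=True)
class FileEvent:
    host: str
    path: str
    mtime: datetime


@dataclass(frozen=True)
class SecEvent:
    host: str            # host that logged the event
    ts: datetime
    event_id: int        # 4624 = logon, 4688 = new process created
    detail: str          # source host/IP for 4624, image path for 4688
    logon_type: int = 0  # 10 = RemoteInteractive (RDP), only meaningful for 4624


def T(s: str) -> datetime:
    return datetime.fromisoformat(s)


# Constructed sample data: WS-07 is patient zero, FS-01 is hit later.
FILE_EVENTS = [
    FileEvent("FS-01", r"D:\Shares\Finance\readme.txt", T("2024-03-13T15:00:00")),  # untouched
    FileEvent("WS-07", r"C:\Users\jdoe\Documents\budget.xlsx.locked", T("2024-03-14T02:17:05")),
    FileEvent("WS-07", r"C:\Users\jdoe\Documents\plan.docx.locked", T("2024-03-14T02:17:09")),
    FileEvent("FS-01", r"D:\Shares\Finance\q1.xlsx.locked", T("2024-03-14T02:41:30")),
]

SEC_EVENTS = [
    SecEvent("WS-07", T("2024-03-14T01:40:00"), 4688, r"C:\Windows\System32\svchost.exe"),  # benign, outside lookback
    SecEvent("WS-07", T("2024-03-14T01:52:10"), 4624, "203.0.113.5", 10),                   # initial RDP access from outside
    SecEvent("WS-07", T("2024-03-14T01:58:43"), 4688, r"C:\Users\Public\svchost32.exe"),    # staged look-alike binary
    SecEvent("FS-01", T("2024-03-14T02:05:12"), 4624, "WS-07", 10),                         # RDP hop from patient zero
    SecEvent("WS-07", T("2024-03-14T02:16:50"), 4688, r"C:\Users\Public\enc.exe"),          # encryptor launched
    SecEvent("DC-01", T("2024-03-14T02:20:00"), 4624, "FS-01", 10),                         # second hop via FS-01
    SecEvent("WS-12", T("2024-03-14T02:30:00"), 4624, "WS-99", 10),                         # unrelated RDP session
]


def encryption_window(events):
    """Return (first_host, first_mtime, last_mtime) for encrypted files, or None."""
    enc = sorted((e for e in events if e.path.lower().endswith(ENCRYPTED_EXT)),
                 key=lambda e: e.mtime)
    if not enc:
        return None
    return enc[0].host, enc[0].mtime, enc[-1].mtime


def staged_executables(events, host, first_enc, lookback=LOOKBACK):
    """Process-creation (4688) image paths on `host` within `lookback` before encryption began."""
    return sorted(e.detail for e in events
                  if e.host == host and e.event_id == 4688
                  and first_enc - lookback <= e.ts <= first_enc)


def rdp_lateral_movement(events, patient_zero):
    """Chain type-10 logons whose source is patient zero or any host already reached from it.

    Returns [(source, target, ts), ...] in time order; each target is added once.
    """
    reached = {patient_zero}
    hops = []
    for e in sorted(events, key=lambda e: e.ts):
        if (e.event_id == 4624 and e.logon_type == 10
                and e.detail in reached and e.host not in reached):
            reached.add(e.host)
            hops.append((e.detail, e.host, e.ts))
    return hops


def triage(file_events=FILE_EVENTS, sec_events=SEC_EVENTS):
    """Assemble the pieces an incident report needs from the two evidence sources."""
    host, first, last = encryption_window(file_events)
    return {
        "patient_zero": host,
        "encryption_started": first,
        "encryption_last_seen": last,
        "staged_executables": staged_executables(sec_events, host, first),
        "rdp_hops": rdp_lateral_movement(sec_events, host),
    }


if __name__ == "__main__":
    for key, value in triage().items():
        print(f"{key}: {value}")
```

On real evidence the file records would come from a forensic image (MFT or `$UsnJrnl` parsing) and the security events from the preserved `.evtx` files, which is why the isolation and imaging steps above must happen before any cleanup; note also that the external logon into WS-07 is reported as initial access rather than lateral movement, because its source is not a host inside the chain.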
Progent has delivered remote and onsite IT services across the U.S. for over two decades and has earned Microsoft's Gold Partner designation in the Datacenter and Cloud Productivity practice areas. Progent's roster of SMEs includes professionals who hold high-level certifications in foundation technology platforms such as Cisco infrastructure, VMware, and major Linux distributions. Progent's cybersecurity consultants have earned industry-recognized certifications including CISM, CISSP-ISSAP, and GIAC. (Refer to Progent's certifications). Progent also has expertise in financial management and Enterprise Resource Planning application software. This scope of skills allows Progent to salvage and consolidate the undamaged parts of your network following a ransomware intrusion and quickly reconstruct them into an operational system. Progent has collaborated with leading cyber insurance carriers like Chubb to help organizations clean up after ransomware attacks.
Contact Progent about Ransomware Forensics Investigation Expertise in St. Louis
To find out more about how Progent can help your St. Louis business with ransomware forensics investigation, call 1-800-462-8800 or visit Contact Progent.